Advanced EtterCap filtering

Hi Folks,

I have a Linux box with 2 NICs. I'd like to run Ettercap as MiTM to apply a filter to change HTTP traffic passing through. Besides HTTP traffic, loads of multicast UDP traffic (software distribution) is passing through, so Ettercap's performance is really slow. Too slow to make it work this way.

I've tried:

- creating my own bridge on the Linux machine (using brctl). Ettercap can sniff the traffic on the bridge but not change it.
- applying a tcpdump-style filter to only let TCP (HTTP) traffic run through Ettercap. This does not work because Ettercap needs IPs assigned to both NICs, which is not the case when bridging.

Can anyone help me out with how to do this? Maybe it is possible to separate TCP from UDP traffic and only let TCP traffic run through Ettercap and let UDP traffic pass through BR0 (my brctl bridge). I don't know how to do this.

Re: Advanced EtterCap filtering

Fixed my problem by using Netsed instead of Ettercap!

Created BR0 and prevented HTTP traffic from crossing the bridge, redirecting it to a local port instead using eb+iptables. Netsed is listening on that port and forwarding to the original destination based on a set of rules. It is working perfectly!